Understanding Risk Mitigating Risk Communicating Risk
   
Internet of Things (IoT)
Provide to people the security they need, the privacy they want, expressed with interactions they find acceptable. Reaching a secure state from the current state requires overcoming very serious gaps. This includes the gap between the cryptographic threat models and user risk preferences; the distance between cryptographic implementations and device capabilities; and between the usability of the devices in the home and expectations of the home’s occupants. The method was an introductory ground-setting keynote followed by intensive collaboration leveraging the participants’ collective expertise.
   
Phishing
Secure browsing is a high priority and a major interface challenge — specifically threats that are less detectable by the endusers, including phishing. We developed and tested a user-centered solution for phishing detection leveraging machinelearning to implement personalized blocking, probabilisticlogic for evidence fusion and risk communication for userempowerment. The proposed solution is implemented as abrowser extension: the Holistic User-Centered Identificationof Threats (HUCIT). Our prototype provides immediate local identification of phishing websites and blocks unfamiliarscripts, based on machine learning threat detection and userrisk perception.
   
E-Crime
The purpose of economics of security has been seen as an empirical and methodological way of understanding security technologies and behaviors. A profoundly different way of viewing economics of security is as a set of design constraints that can impinged acceptability and diffusion of a security protocol, tool, or system. Our research embeds all of these through macroeconomic analyses of ecrime, development of tools to mitigate risk, and using behavioral economics to incentivize individual users to improving the security of systems. Also embedded in our research is advocacy for a paradigm shift to thinking of security as a community resource, i.e., as `club goods' or `common-pool resources'.
   
Aging in Place
Aging in place means people living in their homes as long as possible as they age. Our early work in aging in place focused on the IoT as grounded in design for elders at home. It has two core projects: our current IoT project and our previous ETHOS project.
   
BGP
The Internet, as a network of networks, is also a network of trust. The most clear instantiation of that trust is the updating of router tables based on unsubstantiated announcements. The positive result of this trust is that the network can be extremely responsive to failures, and recovery quickly. Yet the very trust that enables resilience creates risks from behavior lacking either technical competence or benevolence. Threats to the control plane have included political interference, misguided network configurations, and other mischief. Our goal is to classify route updates along a continuum of trust, exploring new algorithms that will give a measure of integrity assurance to BGP updates. We will explore the application of machine learning techniques with the variety of data available (technical, rates of change, economic, and geopolitical) as network topology is changed via BGP updates in order to generate probabilistic (not cryptographic) trust indicators for those changes.
   
Passwords
Passwords are the primary, most widely used single sign-on and multiple point authentication scheme adapted across the globe. Our research looks at not only how people create and use passwords, but also at external factors that may influence their behavior, such as to what extent changes in password policies and in system requirements impact password usage and reuse.
   
SDN
What are the challenges, threats, implications and potential for SDN in terms of creating a resilient network? To answer this question, we have created clear threat models grounded in documented and realistic use cases; extracted resulting enumerated authentication requirements; implemented one case of the necessary next-generation network modeling to evaluate authentication interactions, such that the models address all layers from physical to human; and finally the demonstrated practical forward movement to meeting these challenges as an open source network component named Bongo.
   
CSec_CRA
Models for Enabling Continuous Reconfigurability of Secure Missions, a five-year, $23.2 million cooperative agreement, will form a collaborative research alliance consisting of Indiana University, Penn State, Carnegie Mellon University, University of California Davis, University of California Riverside and the Army Research Laboratory.